Flame revives Stuxnet concerns

Powered by SC Magazine
 

New virus hits Iran computers.

Security experts have discovered a highly sophisticated computer virus in Iran and the Middle East that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage.

Evidence suggests the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010.

Researchers for Russian malware detection software marker Kaspersky Lab are yet to determine whether Flame had a specific mission like Stuxnet.

It discovered Flame after a UN telecommunications agency asked it to analyse data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.

The virus has since been discovered to originate from a network of some 80 servers across Asia, Europe and North America used to remotely access infected machines. Up to 5000 infected computers were found in Iran, Israel and Palestinian, as well as Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

Kaspersky has declined to say who they think built it.

Iran has accused the United States and Israel of deploying Stuxnet.

Cyber security experts said the discovery provides new evidence to the public to show what experts privy to classified information have long known: that nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.

"This is one of many, many campaigns that happen all the time and never make it into the public domain," said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs.

A cyber security agency in Iran said on its website that Flame bore a "close relation" to Stuxnet, the notorious computer worm that attacked that country's nuclear program in 2010.
Stuxnet became the first publicly known example of a cyber weapon.

Iran's National Computer Emergency Response Team also said Flame might be linked to recent cyber attacks that officials in Tehran have said were responsible for massive data losses on some Iranian computer systems.

Stuxnet connection

The virus contains about 20 times as much code as Stuxnet - which caused centrifuges to fail at the Iranian enrichment facility it attacked - and about 100 times as much code as a typical virus designed to steal financial information, according to Kaspersky Lab senior researcher Roel Schouwenberg.

It uses some 20 modules built into the code that can perform several functions including gathering data files, remotely changing settings on computers, turning on PC microphones to record conversations, accessing Bluetooth communications, taking screen shots and logging instant messaging chats.

Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.

But experts at Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security, who have spent weeks studying Flame, said they have yet to find any evidence that it can attack infrastructure, delete data or inflict other physical damage.

Yet they said they are in the early stages of their investigations and that they may discover other purposes beyond data theft. It took researchers months to determine the key mysteries behind Stuxnet, including the purpose of modules used to attack a uranium enrichment facility at Natanz, Iran.

"Their initial research suggest that this was probably written by the authors of Stuxnet for covert intelligence collection," said John Bumgarner, a cyber warfare expert with the non-profit US Cyber Consequences Unit think tank.

Flame appears poised to go down in history as the third major cyber weapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.

Kaspersky research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Countries at war?

That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, Schouwenberg said.

He said that a nation state would have the capability to build such a sophisticated tool but declined to comment on which countries might do so.

Mystery continues around Stuxnet's creators though reports as early as January 2011 have suggested that the US and Israel constructed the virus under a joint program begun around 2004 to undermine what they say are Iran's efforts to build a bomb.

The program was reportedly originally authorised by US President George W. Bush, and then accelerated by his successor, Barack Obama.

The countries are also thought to have gained help from Microsoft to identify and exploit weaknesses in the Windows operating system that were little known or as-yet undiscovered.

The US Defense Department, CIA, the State Department, the National Security Agency, and the US Cyber Command declined to comment.

Hungarian researcher Boldizsar Bencsath, whose Laboratory of Cryptography and Systems Security first discovered Duqu, said his analysis shows that Flame may have been active for at least five years and perhaps eight years or more.

"The scary thing for me is: if this is what they were capable of five years ago, I can only think what they are developing now," Mohan Koo, managing director of British-based Dtex Systems cyber security company.

Mikko Hypponen, chief research officer for anti-virus software maker F-Secure of Finland, described Flame as the latest of high-profile viruses that show makers of anti-virus software need to improve their performance.

He has led suggestions of countries stockpiling cyber weapons, including aggressively hiring black-hat hackers through defence contractors in order to build expertise.

"Stuxnet, Duqu and Flame are all examples where we - the anti-virus industry - have dramatically failed," he said. "All of these cases were spreading undetected for extended periods of time ... Yet, anti-virus products failed to protect users against these attacks."

(Additional reporting by Jim Wolf in Washington, Daniel Fineran in Dubai and William Maclean in London; editing by Edward Tobin, Ron Popeski and Mohammad Zargham)


Flame revives Stuxnet concerns
 
 
 
Top Stories
Hockey flags billion-dollar Centrelink mainframe replacement
Claims 30 year-old tech is holding Govt back.
 
Ombudsman wants to monitor warrantless metadata access
Requests ability to report publicly.
 
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  12%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1519

Vote